Software Integrity

Tesla adopts code signing after remote access hack

After researchers discovered a way to hack into Tesla vehicles and reprogram their firmware, the auto manufacture pushed out not only a fix for that vulnerability, but a method for securing all the code running on the vehicle.

The researchers from Tencent were able to remotely access a Tesla via its infotainment system. They faked a Wi-Fi hotspot and car automatically connected to it. They then directed the infotainment system’s web browser to a specially created webpage which allowed them to overwrite the firmware on the gateway ECU separating the infotainment system from safety critical systems. This gained them access to such things as the braking system.

Connected cars such as those from Tesla are segmented, meaning that one cannot directly go from the infotainment system to the safety critical system. Yet these researchers were able to do so.
In 2015, researchers at DEF CON 23 were able to hack into the infotainment system and connect to other parts of the car, but they did so by physically tearing the car apart. This Tencent attack was wireless.

In fixing the vulnerabilities found by Tencent, Tesla added an additional security feature which requires any firmware update to the vehicle’s CAN bus to be digitally signed by Tesla with a code only it possesses. Code signing is considered a software best practice in that it ensures that any updates to a system be authorized by the manufacturer. It prevents rogue updates.

“Cryptographic validation of firmware updates is something we’ve wanted to do for a while to make things even more robust,” says Tesla’s chief technical officer JB Straubel. Straubel notes that Tesla has been working on the code-signing feature for months but accelerated its rollout when the Tencent hackers reported their attack, according to Wired.com.